Server Being Spammed By Node-Fetch User-Agent

Hello everyone,

I need some help, since I don’t know a whole lot when it comes to web security. I run a website that gets decent traffic. Today, I received an alert saying that I had used quite a bit of bandwidth. Thinking it was odd, I looked into it, and found that my normal 1-3 GB a day had turned into 9-15 GB a day.

I checked the visitor logs and found a user agent, node-fetch/1.0 (+https://github.com/bitinn/node-fetch), constantly spamming the home page of my website. By constant, I mean 30-45 times a minute if not more. It only requested the home page and nothing else.

I haven’t been able to find much information on the subject, other than that github link that says it adds window.fetch to Node.js.

I immediately turned on “Under Attack Mode” and that halted the spammer’s requests. I implemented a Firewall rule that matches that user-agent and have it JS Tested. I then turned off Under Attack Mode. The firewall match seems to be deflecting the spammer.

What I need to know is my next steps? Is it safe for me to keep that user-agent match on the firewall? Is there something I can do in the future to prevent this sort of spamming?

Thanks in advance.

That sounds like you’ve found a safe solution. No legitimate user should have node-fetch for a User Agent String. Just keep an eye out in case they change their User Agent String. Were those hits all from the same IP address?

1 Like

Thanks for the reply. I’ll definitely be keeping a paranoid eye on it. The hits were coming from multiple IPs.

1 Like

If you have some of those IP addresses handy, plug them in here to see if they’re all from the same ASN. You may opt to block that as well.

https://www.ultratools.com/tools/asnInfo
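
Added example, not part of any post in this thread: a log check for the pattern described above, where one user agent requests a single path at a high per-minute rate from several IPs. It assumes Combined Log Format access logs; the function names, the thresholds and the sample lines (documentation IP ranges) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined Log Format: ip - - [time] "METHOD path proto" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

def summarize(lines):
    """Per user agent: total hits, bytes sent, distinct paths and IPs, hits per minute."""
    stats = defaultdict(lambda: {"hits": 0, "bytes": 0, "paths": set(),
                                 "ips": set(), "per_minute": defaultdict(int)})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        s = stats[m["ua"]]
        s["hits"] += 1
        s["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        s["paths"].add(m["path"])
        s["ips"].add(m["ip"])
        s["per_minute"][ts.replace(second=0)] += 1
    return stats

def suspicious_agents(lines, peak_threshold=30, max_paths=1):
    """User agents that hit few distinct paths at a high per-minute rate (assumed thresholds)."""
    out = {}
    for ua, s in summarize(lines).items():
        peak = max(s["per_minute"].values())
        if peak >= peak_threshold and len(s["paths"]) <= max_paths:
            out[ua] = {"peak_per_minute": peak, "hits": s["hits"],
                       "ips": sorted(s["ips"]), "bytes": s["bytes"]}
    return out

def sample_log():
    """Constructed sample: 36 node-fetch hits on "/" in one minute from 3 IPs, plus a browser."""
    bot = "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)"
    ips = ["192.0.2.10", "198.51.100.7", "203.0.113.5"]
    lines = [f'{ips[i % 3]} - - [01/Jan/2024:12:00:{i:02d} +0000] "GET / HTTP/1.1" 200 51200 "-" "{bot}"'
             for i in range(36)]
    for path in ("/", "/about", "/style.css"):
        lines.append(f'192.0.2.99 - - [01/Jan/2024:12:00:30 +0000] "GET {path} HTTP/1.1" 200 2048 "-" "Mozilla/5.0"')
    return lines

if __name__ == "__main__":
    for ua, info in suspicious_agents(sample_log()).items():
        print(ua, info)
```

The per-agent IP list in the output is what would be fed into an ASN lookup, and the byte total shows how much of the bandwidth jump that agent accounts for.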